Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932184Ab1COOZ6 (ORCPT ); Tue, 15 Mar 2011 10:25:58 -0400 Received: from cantor.suse.de ([195.135.220.2]:41379 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754964Ab1COOZ4 (ORCPT ); Tue, 15 Mar 2011 10:25:56 -0400 Subject: Re: [Security] [PATCH 00/20] world-writable files in sysfs and debugfs From: James Bottomley To: Greg KH Cc: Vasiliy Kulikov , security@kernel.org, acpi4asus-user@lists.sourceforge.net, linux-scsi@vger.kernel.org, rtc-linux@googlegroups.com, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, platform-driver-x86@vger.kernel.org, open-iscsi@googlegroups.com, linux-omap@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-media@vger.kernel.org In-Reply-To: <20110315141859.GA19442@kroah.com> References: <1300155965.5665.15.camel@mulgrave.site> <20110315030956.GA2234@kroah.com> <1300189828.4017.2.camel@mulgrave.site> <20110315141859.GA19442@kroah.com> Content-Type: text/plain; charset="UTF-8" Date: Tue, 15 Mar 2011 10:25:51 -0400 Message-ID: <1300199151.7744.12.camel@mulgrave.site> Mime-Version: 1.0 X-Mailer: Evolution 2.32.1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1917 Lines: 46 On Tue, 2011-03-15 at 07:18 -0700, Greg KH wrote: > On Tue, Mar 15, 2011 at 07:50:28AM -0400, James Bottomley wrote: > > On Mon, 2011-03-14 at 20:09 -0700, Greg KH wrote: > > > There are no capability checks on sysfs files right now, so these all > > > need to be fixed. > > > > That statement is true but irrelevant, isn't it? There can't be > > capabilities within sysfs files because the system that does them has no > > idea what the capabilities would be. If there were capabilities checks, > > they'd have to be in the implementing routines. > > Ah, you are correct, sorry for the misunderstanding. > > > I think the questions are twofold: > > > > 1. Did anyone actually check for capabilities before assuming world > > writeable files were wrong? > > I do not think so as the majority (i.e. all the ones that I looked at) > did no such checks. OK, as long as someone checked, I'm happy. > > 2. Even if there aren't any capabilities checks in the implementing > > routines, should there be (are we going the separated > > capabilities route vs the monolithic root route)? > > I think the general consensus is that we go the monolithic root route > for sysfs files in that we do not allow them to be world writable. > > Do you have any exceptions that you know of that do these checks? Heh, I didn't call our security vacillations a dizzying ride for nothing. I know the goal once was to try to run a distro without root daemons (which is what required the capabilities stuff). I'm actually trying to avoid the issue ... I just want to make sure that people who care aren't all moving in different directions. James -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/